search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Improve back button behavior.
[chromium-blink-merge.git] / extensions / common / file_util.cc
blobb6156291ab792a7bbbd8c198ac379644bbfe7f17
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "extensions/common/file_util.h"
6
7 #include <map>
8 #include <set>
9 #include <string>
10 #include <utility>
11 #include <vector>
12
13 #include "base/files/file_enumerator.h"
14 #include "base/files/file_path.h"
15 #include "base/files/file_util.h"
16 #include "base/files/scoped_temp_dir.h"
17 #include "base/json/json_file_value_serializer.h"
18 #include "base/logging.h"
19 #include "base/memory/scoped_ptr.h"
20 #include "base/metrics/field_trial.h"
21 #include "base/metrics/histogram.h"
22 #include "base/strings/stringprintf.h"
23 #include "base/strings/utf_string_conversions.h"
24 #include "base/threading/thread_restrictions.h"
25 #include "base/time/time.h"
26 #include "extensions/common/constants.h"
27 #include "extensions/common/extension.h"
28 #include "extensions/common/extension_icon_set.h"
29 #include "extensions/common/extension_l10n_util.h"
30 #include "extensions/common/extension_set.h"
31 #include "extensions/common/install_warning.h"
32 #include "extensions/common/manifest.h"
33 #include "extensions/common/manifest_constants.h"
34 #include "extensions/common/manifest_handler.h"
35 #include "extensions/common/manifest_handlers/default_locale_handler.h"
36 #include "extensions/common/manifest_handlers/icons_handler.h"
37 #include "extensions/common/manifest_handlers/shared_module_info.h"
38 #include "grit/extensions_strings.h"
39 #include "net/base/escape.h"
40 #include "net/base/filename_util.h"
41 #include "ui/base/l10n/l10n_util.h"
42 #include "url/gurl.h"
43
44 namespace extensions {
45 namespace file_util {
46 namespace {
47
48 // Returns true if the given file path exists and is not zero-length.
49 bool ValidateFilePath(const base::FilePath& path) {
50 int64 size = 0;
51 if (!base::PathExists(path) ||
52 !base::GetFileSize(path, &size) ||
53 size == 0) {
54 return false;
55 }
56
57 return true;
58 }
59
60 // Returns true if the extension installation should flush all files and the
61 // directory.
62 bool UseSafeInstallation() {
63 const char kFieldTrialName[] = "ExtensionUseSafeInstallation";
64 const char kEnable[] = "Enable";
65 return base::FieldTrialList::FindFullName(kFieldTrialName) == kEnable;
66 }
67
68 enum FlushOneOrAllFiles {
69 ONE_FILE_ONLY,
70 ALL_FILES
71 };
72
73 // Flush all files in a directory or just one. When flushing all files, it
74 // makes sure every file is on disk. When flushing one file only, it ensures
75 // all parent directories are on disk.
76 void FlushFilesInDir(const base::FilePath& path,
77 FlushOneOrAllFiles one_or_all_files) {
78 if (!UseSafeInstallation()) {
79 return;
80 }
81 base::FileEnumerator temp_traversal(path,
82 true, // recursive
83 base::FileEnumerator::FILES);
84 for (base::FilePath current = temp_traversal.Next(); !current.empty();
85 current = temp_traversal.Next()) {
86 base::File currentFile(current,
87 base::File::FLAG_OPEN | base::File::FLAG_WRITE);
88 currentFile.Flush();
89 currentFile.Close();
90 if (one_or_all_files == ONE_FILE_ONLY) {
91 break;
92 }
93 }
94 }
95
96 } // namespace
97
98 const base::FilePath::CharType kTempDirectoryName[] = FILE_PATH_LITERAL("Temp");
99
100 base::FilePath InstallExtension(const base::FilePath& unpacked_source_dir,
101 const std::string& id,
102 const std::string& version,
103 const base::FilePath& extensions_dir) {
104 base::FilePath extension_dir = extensions_dir.AppendASCII(id);
105 base::FilePath version_dir;
106
107 // Create the extension directory if it doesn't exist already.
108 if (!base::PathExists(extension_dir)) {
109 if (!base::CreateDirectory(extension_dir))
110 return base::FilePath();
111 }
112
113 // Get a temp directory on the same file system as the profile.
114 base::FilePath install_temp_dir = GetInstallTempDir(extensions_dir);
115 base::ScopedTempDir extension_temp_dir;
116 if (install_temp_dir.empty() ||
117 !extension_temp_dir.CreateUniqueTempDirUnderPath(install_temp_dir)) {
118 LOG(ERROR) << "Creating of temp dir under in the profile failed.";
119 return base::FilePath();
120 }
121 base::FilePath crx_temp_source =
122 extension_temp_dir.path().Append(unpacked_source_dir.BaseName());
123 if (!base::Move(unpacked_source_dir, crx_temp_source)) {
124 LOG(ERROR) << "Moving extension from : " << unpacked_source_dir.value()
125 << " to : " << crx_temp_source.value() << " failed.";
126 return base::FilePath();
127 }
128
129 // Try to find a free directory. There can be legitimate conflicts in the case
130 // of overinstallation of the same version.
131 const int kMaxAttempts = 100;
132 for (int i = 0; i < kMaxAttempts; ++i) {
133 base::FilePath candidate = extension_dir.AppendASCII(
134 base::StringPrintf("%s_%u", version.c_str(), i));
135 if (!base::PathExists(candidate)) {
136 version_dir = candidate;
137 break;
138 }
139 }
140
141 if (version_dir.empty()) {
142 LOG(ERROR) << "Could not find a home for extension " << id << " with "
143 << "version " << version << ".";
144 return base::FilePath();
145 }
146
147 base::TimeTicks start_time = base::TimeTicks::Now();
148
149 // Flush the source dir completely before moving to make sure everything is
150 // on disk. Otherwise a sudden power loss could cause the newly installed
151 // extension to be in a corrupted state. Note that empty sub-directories
152 // may still be lost.
153 FlushFilesInDir(crx_temp_source, ALL_FILES);
154
155 // The target version_dir does not exists yet, so base::Move() is using
156 // rename() on POSIX systems. It is atomic in the sense that it will
157 // either complete successfully or in the event of data loss be reverted.
158 if (!base::Move(crx_temp_source, version_dir)) {
159 LOG(ERROR) << "Installing extension from : " << crx_temp_source.value()
160 << " into : " << version_dir.value() << " failed.";
161 return base::FilePath();
162 }
163
164 // Flush one file in the new version_dir to make sure the dir move above is
165 // persisted on disk. This is guaranteed on POSIX systems. ExtensionPrefs
166 // is going to be updated with the new version_dir later. In the event of
167 // data loss ExtensionPrefs should be pointing to the previous version which
168 // is still fine.
169 FlushFilesInDir(version_dir, ONE_FILE_ONLY);
170
171 UMA_HISTOGRAM_TIMES("Extensions.FileInstallation",
172 base::TimeTicks::Now() - start_time);
173
174 return version_dir;
175 }
176
177 void UninstallExtension(const base::FilePath& extensions_dir,
178 const std::string& id) {
179 // We don't care about the return value. If this fails (and it can, due to
180 // plugins that aren't unloaded yet), it will get cleaned up by
181 // ExtensionGarbageCollector::GarbageCollectExtensions.
182 base::DeleteFile(extensions_dir.AppendASCII(id), true); // recursive.
183 }
184
185 scoped_refptr<Extension> LoadExtension(const base::FilePath& extension_path,
186 Manifest::Location location,
187 int flags,
188 std::string* error) {
189 return LoadExtension(extension_path, std::string(), location, flags, error);
190 }
191
192 scoped_refptr<Extension> LoadExtension(const base::FilePath& extension_path,
193 const std::string& extension_id,
194 Manifest::Location location,
195 int flags,
196 std::string* error) {
197 scoped_ptr<base::DictionaryValue> manifest =
198 LoadManifest(extension_path, error);
199 if (!manifest.get())
200 return NULL;
201 if (!extension_l10n_util::LocalizeExtension(
202 extension_path, manifest.get(), error)) {
203 return NULL;
204 }
205
206 scoped_refptr<Extension> extension(Extension::Create(
207 extension_path, location, *manifest, flags, extension_id, error));
208 if (!extension.get())
209 return NULL;
210
211 std::vector<InstallWarning> warnings;
212 if (!ValidateExtension(extension.get(), error, &warnings))
213 return NULL;
214 extension->AddInstallWarnings(warnings);
215
216 return extension;
217 }
218
219 scoped_ptr<base::DictionaryValue> LoadManifest(
220 const base::FilePath& extension_path,
221 std::string* error) {
222 return LoadManifest(extension_path, kManifestFilename, error);
223 }
224
225 scoped_ptr<base::DictionaryValue> LoadManifest(
226 const base::FilePath& extension_path,
227 const base::FilePath::CharType* manifest_filename,
228 std::string* error) {
229 base::FilePath manifest_path = extension_path.Append(manifest_filename);
230 if (!base::PathExists(manifest_path)) {
231 *error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_UNREADABLE);
232 return NULL;
233 }
234
235 JSONFileValueDeserializer deserializer(manifest_path);
236 scoped_ptr<base::Value> root(deserializer.Deserialize(NULL, error));
237 if (!root.get()) {
238 if (error->empty()) {
239 // If |error| is empty, than the file could not be read.
240 // It would be cleaner to have the JSON reader give a specific error
241 // in this case, but other code tests for a file error with
242 // error->empty(). For now, be consistent.
243 *error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_UNREADABLE);
244 } else {
245 *error = base::StringPrintf(
246 "%s %s", manifest_errors::kManifestParseError, error->c_str());
247 }
248 return NULL;
249 }
250
251 if (!root->IsType(base::Value::TYPE_DICTIONARY)) {
252 *error = l10n_util::GetStringUTF8(IDS_EXTENSION_MANIFEST_INVALID);
253 return NULL;
254 }
255
256 return base::DictionaryValue::From(root.Pass());
257 }
258
259 bool ValidateExtension(const Extension* extension,
260 std::string* error,
261 std::vector<InstallWarning>* warnings) {
262 // Ask registered manifest handlers to validate their paths.
263 if (!ManifestHandler::ValidateExtension(extension, error, warnings))
264 return false;
265
266 // Check children of extension root to see if any of them start with _ and is
267 // not on the reserved list. We only warn, and do not block the loading of the
268 // extension.
269 std::string warning;
270 if (!CheckForIllegalFilenames(extension->path(), &warning))
271 warnings->push_back(InstallWarning(warning));
272
273 // Check that the extension does not include any Windows reserved filenames.
274 std::string windows_reserved_warning;
275 if (!CheckForWindowsReservedFilenames(extension->path(),
276 &windows_reserved_warning)) {
277 warnings->push_back(InstallWarning(windows_reserved_warning));
278 }
279
280 // Check that extensions don't include private key files.
281 std::vector<base::FilePath> private_keys =
282 FindPrivateKeyFiles(extension->path());
283 if (extension->creation_flags() & Extension::ERROR_ON_PRIVATE_KEY) {
284 if (!private_keys.empty()) {
285 // Only print one of the private keys because l10n_util doesn't have a way
286 // to translate a list of strings.
287 *error =
288 l10n_util::GetStringFUTF8(IDS_EXTENSION_CONTAINS_PRIVATE_KEY,
289 private_keys.front().LossyDisplayName());
290 return false;
291 }
292 } else {
293 for (size_t i = 0; i < private_keys.size(); ++i) {
294 warnings->push_back(InstallWarning(
295 l10n_util::GetStringFUTF8(IDS_EXTENSION_CONTAINS_PRIVATE_KEY,
296 private_keys[i].LossyDisplayName())));
297 }
298 // Only warn; don't block loading the extension.
299 }
300 return true;
301 }
302
303 std::vector<base::FilePath> FindPrivateKeyFiles(
304 const base::FilePath& extension_dir) {
305 std::vector<base::FilePath> result;
306 // Pattern matching only works at the root level, so filter manually.
307 base::FileEnumerator traversal(
308 extension_dir, /*recursive=*/true, base::FileEnumerator::FILES);
309 for (base::FilePath current = traversal.Next(); !current.empty();
310 current = traversal.Next()) {
311 if (!current.MatchesExtension(kExtensionKeyFileExtension))
312 continue;
313
314 std::string key_contents;
315 if (!base::ReadFileToString(current, &key_contents)) {
316 // If we can't read the file, assume it's not a private key.
317 continue;
318 }
319 std::string key_bytes;
320 if (!Extension::ParsePEMKeyBytes(key_contents, &key_bytes)) {
321 // If we can't parse the key, assume it's ok too.
322 continue;
323 }
324
325 result.push_back(current);
326 }
327 return result;
328 }
329
330 bool CheckForIllegalFilenames(const base::FilePath& extension_path,
331 std::string* error) {
332 // Reserved underscore names.
333 static const base::FilePath::CharType* reserved_names[] = {
334 kLocaleFolder, kPlatformSpecificFolder, FILE_PATH_LITERAL("__MACOSX"), };
335 CR_DEFINE_STATIC_LOCAL(
336 std::set<base::FilePath::StringType>,
337 reserved_underscore_names,
338 (reserved_names, reserved_names + arraysize(reserved_names)));
339
340 // Enumerate all files and directories in the extension root.
341 // There is a problem when using pattern "_*" with FileEnumerator, so we have
342 // to cheat with find_first_of and match all.
343 const int kFilesAndDirectories =
344 base::FileEnumerator::DIRECTORIES | base::FileEnumerator::FILES;
345 base::FileEnumerator all_files(extension_path, false, kFilesAndDirectories);
346
347 base::FilePath file;
348 while (!(file = all_files.Next()).empty()) {
349 base::FilePath::StringType filename = file.BaseName().value();
350
351 // Skip all that don't start with "_".
352 if (filename.find_first_of(FILE_PATH_LITERAL("_")) != 0)
353 continue;
354 if (reserved_underscore_names.find(filename) ==
355 reserved_underscore_names.end()) {
356 *error = base::StringPrintf(
357 "Cannot load extension with file or directory name %s. "
358 "Filenames starting with \"_\" are reserved for use by the system.",
359 file.BaseName().AsUTF8Unsafe().c_str());
360 return false;
361 }
362 }
363
364 return true;
365 }
366
367 bool CheckForWindowsReservedFilenames(const base::FilePath& extension_dir,
368 std::string* error) {
369 const int kFilesAndDirectories =
370 base::FileEnumerator::DIRECTORIES | base::FileEnumerator::FILES;
371 base::FileEnumerator traversal(extension_dir, true, kFilesAndDirectories);
372
373 for (base::FilePath current = traversal.Next(); !current.empty();
374 current = traversal.Next()) {
375 base::FilePath::StringType filename = current.BaseName().value();
376 bool is_reserved_filename = net::IsReservedNameOnWindows(filename);
377 if (is_reserved_filename) {
378 *error = base::StringPrintf(
379 "Cannot load extension with file or directory name %s. "
380 "The filename is illegal.",
381 current.BaseName().AsUTF8Unsafe().c_str());
382 return false;
383 }
384 }
385
386 return true;
387 }
388
389 base::FilePath GetInstallTempDir(const base::FilePath& extensions_dir) {
390 // We do file IO in this function, but only when the current profile's
391 // Temp directory has never been used before, or in a rare error case.
392 // Developers are not likely to see these situations often, so do an
393 // explicit thread check.
394 base::ThreadRestrictions::AssertIOAllowed();
395
396 // Create the temp directory as a sub-directory of the Extensions directory.
397 // This guarantees it is on the same file system as the extension's eventual
398 // install target.
399 base::FilePath temp_path = extensions_dir.Append(kTempDirectoryName);
400 if (base::PathExists(temp_path)) {
401 if (!base::DirectoryExists(temp_path)) {
402 DLOG(WARNING) << "Not a directory: " << temp_path.value();
403 return base::FilePath();
404 }
405 if (!base::PathIsWritable(temp_path)) {
406 DLOG(WARNING) << "Can't write to path: " << temp_path.value();
407 return base::FilePath();
408 }
409 // This is a directory we can write to.
410 return temp_path;
411 }
412
413 // Directory doesn't exist, so create it.
414 if (!base::CreateDirectory(temp_path)) {
415 DLOG(WARNING) << "Couldn't create directory: " << temp_path.value();
416 return base::FilePath();
417 }
418 return temp_path;
419 }
420
421 void DeleteFile(const base::FilePath& path, bool recursive) {
422 base::DeleteFile(path, recursive);
423 }
424
425 base::FilePath ExtensionURLToRelativeFilePath(const GURL& url) {
426 std::string url_path = url.path();
427 if (url_path.empty() || url_path[0] != '/')
428 return base::FilePath();
429
430 // Drop the leading slashes and convert %-encoded UTF8 to regular UTF8.
431 std::string file_path = net::UnescapeURLComponent(url_path,
432 net::UnescapeRule::SPACES | net::UnescapeRule::URL_SPECIAL_CHARS);
433 size_t skip = file_path.find_first_not_of("/\\");
434 if (skip != file_path.npos)
435 file_path = file_path.substr(skip);
436
437 base::FilePath path = base::FilePath::FromUTF8Unsafe(file_path);
438
439 // It's still possible for someone to construct an annoying URL whose path
440 // would still wind up not being considered relative at this point.
441 // For example: chrome-extension://id/c:////foo.html
442 if (path.IsAbsolute())
443 return base::FilePath();
444
445 return path;
446 }
447
448 base::FilePath ExtensionResourceURLToFilePath(const GURL& url,
449 const base::FilePath& root) {
450 std::string host = net::UnescapeURLComponent(url.host(),
451 net::UnescapeRule::SPACES | net::UnescapeRule::URL_SPECIAL_CHARS);
452 if (host.empty())
453 return base::FilePath();
454
455 base::FilePath relative_path = ExtensionURLToRelativeFilePath(url);
456 if (relative_path.empty())
457 return base::FilePath();
458
459 base::FilePath path = root.AppendASCII(host).Append(relative_path);
460 if (!base::PathExists(path))
461 return base::FilePath();
462 path = base::MakeAbsoluteFilePath(path);
463 if (path.empty() || !root.IsParent(path))
464 return base::FilePath();
465 return path;
466 }
467
468 bool ValidateExtensionIconSet(const ExtensionIconSet& icon_set,
469 const Extension* extension,
470 int error_message_id,
471 std::string* error) {
472 for (ExtensionIconSet::IconMap::const_iterator iter = icon_set.map().begin();
473 iter != icon_set.map().end();
474 ++iter) {
475 const base::FilePath path =
476 extension->GetResource(iter->second).GetFilePath();
477 if (!ValidateFilePath(path)) {
478 *error = l10n_util::GetStringFUTF8(error_message_id,
479 base::UTF8ToUTF16(iter->second));
480 return false;
481 }
482 }
483 return true;
484 }
485
486 MessageBundle* LoadMessageBundle(
487 const base::FilePath& extension_path,
488 const std::string& default_locale,
489 std::string* error) {
490 error->clear();
491 // Load locale information if available.
492 base::FilePath locale_path = extension_path.Append(kLocaleFolder);
493 if (!base::PathExists(locale_path))
494 return NULL;
495
496 std::set<std::string> chrome_locales;
497 extension_l10n_util::GetAllLocales(&chrome_locales);
498
499 base::FilePath default_locale_path = locale_path.AppendASCII(default_locale);
500 if (default_locale.empty() ||
501 chrome_locales.find(default_locale) == chrome_locales.end() ||
502 !base::PathExists(default_locale_path)) {
503 *error = l10n_util::GetStringUTF8(
504 IDS_EXTENSION_LOCALES_NO_DEFAULT_LOCALE_SPECIFIED);
505 return NULL;
506 }
507
508 MessageBundle* message_bundle =
509 extension_l10n_util::LoadMessageCatalogs(
510 locale_path,
511 default_locale,
512 extension_l10n_util::CurrentLocaleOrDefault(),
513 error);
514
515 return message_bundle;
516 }
517
518 MessageBundle::SubstitutionMap* LoadMessageBundleSubstitutionMap(
519 const base::FilePath& extension_path,
520 const std::string& extension_id,
521 const std::string& default_locale) {
522 MessageBundle::SubstitutionMap* return_value =
523 new MessageBundle::SubstitutionMap();
524 if (!default_locale.empty()) {
525 // Touch disk only if extension is localized.
526 std::string error;
527 scoped_ptr<MessageBundle> bundle(
528 LoadMessageBundle(extension_path, default_locale, &error));
529
530 if (bundle.get())
531 *return_value = *bundle->dictionary();
532 }
533
534 // Add @@extension_id reserved message here, so it's available to
535 // non-localized extensions too.
536 return_value->insert(
537 std::make_pair(MessageBundle::kExtensionIdKey, extension_id));
538
539 return return_value;
540 }
541
542 MessageBundle::SubstitutionMap* LoadMessageBundleSubstitutionMapWithImports(
543 const std::string& extension_id,
544 const ExtensionSet& extension_set) {
545 const Extension* extension = extension_set.GetByID(extension_id);
546 MessageBundle::SubstitutionMap* return_value =
547 new MessageBundle::SubstitutionMap();
548
549 // Add @@extension_id reserved message here, so it's available to
550 // non-localized extensions too.
551 return_value->insert(
552 std::make_pair(MessageBundle::kExtensionIdKey, extension_id));
553
554 base::FilePath extension_path;
555 std::string default_locale;
556 if (!extension) {
557 NOTREACHED() << "Missing extension " << extension_id;
558 return return_value;
559 }
560
561 // Touch disk only if extension is localized.
562 default_locale = LocaleInfo::GetDefaultLocale(extension);
563 if (default_locale.empty()) {
564 return return_value;
565 }
566
567 std::string error;
568 scoped_ptr<MessageBundle> bundle(
569 LoadMessageBundle(extension->path(), default_locale, &error));
570
571 if (bundle.get()) {
572 for (auto iter : *bundle->dictionary()) {
573 return_value->insert(std::make_pair(iter.first, iter.second));
574 }
575 }
576
577 auto imports = extensions::SharedModuleInfo::GetImports(extension);
578 // Iterate through the imports in reverse. This will allow later imported
579 // modules to override earlier imported modules, as the list order is
580 // maintained from the definition in manifest.json of the imports.
581 for (auto it = imports.rbegin(); it != imports.rend(); ++it) {
582 const extensions::Extension* imported_extension =
583 extension_set.GetByID(it->extension_id);
584 if (!imported_extension) {
585 NOTREACHED() << "Missing shared module " << it->extension_id;
586 continue;
587 }
588 scoped_ptr<MessageBundle> imported_bundle(
589 LoadMessageBundle(imported_extension->path(), default_locale, &error));
590
591 if (imported_bundle.get()) {
592 for (auto iter : *imported_bundle->dictionary()) {
593 // |insert| only adds new entries, and does not replace entries in
594 // the main extension or previously processed imports.
595 return_value->insert(std::make_pair(iter.first, iter.second));
596 }
597 }
598 }
599
600 return return_value;
601 }
602
603 base::FilePath GetVerifiedContentsPath(const base::FilePath& extension_path) {
604 return extension_path.Append(kMetadataFolder)
605 .Append(kVerifiedContentsFilename);
606 }
607 base::FilePath GetComputedHashesPath(const base::FilePath& extension_path) {
608 return extension_path.Append(kMetadataFolder).Append(kComputedHashesFilename);
609 }
610
611 } // namespace file_util
612 } // namespace extensions